A conventional textual password scheme uses a string of alphanumeric characters to identify a user. Because people tend to choose inherently weak passwords, i.e. passwords that are easy to remember, instead of strong passwords, textual password schemes are vulnerable to attack.
Graphical password schemes, which take advantage of a person's significant capability to recognize and to recall visual images, may resolve the problems associated with textual password schemes.
U.S. Pat. No. 5,559,961 to Blonder, issued Sep. 24, 1996, for example, discloses a graphical password scheme, in which a user is presented with a predetermined graphical image and is required to touch one or more predetermined positions (“tap regions”) on the image in a predetermined sequence, as a means of entering a password. The drawback of such a scheme is that the memorable tap regions are usually limited and this leads to a limited effective password space.
Similarly, U.S. Pat. No. 5,608,387 to Davies, issued Mar. 4, 1997, teaches another graphical password scheme. Under this scheme, a user is required to touch one or more complex human face images as a password. This scheme also suffers from a relatively small password space. For instance, in the case of a 3×4 face matrix, if the length of the password is 6, the full password space amounts to 12⁶ ≈ 3 million.
U.S. Pat. No. 6,686,931 to Bodnar, issued Feb. 3, 2004, discloses a graphical password methodology for a microprocessor device that accepts non-alphanumeric user input. The graphical password comprises a sequence of non-alphabetic keystrokes, such as FORWARD, FORWARD, BACK, BACK, TOUCH. The full password space of this scheme is even smaller.
In 1999, Ian Jermyn proposed a graphical password scheme, “draw a secret” (DAS), in which a user is required to draw a secret design on a grid. [In his paper entitled “The Design and Analysis of Graphical Passwords” in Proceedings of the 8th USENIX Security Symposium, August 1999] However, in this scheme, many passwords are difficult to remember and repeat, since “difficulties might arise however, when the user chooses a drawing that contains strokes that pass too close to a grid-line”. The author gave a tentative solution: “the system does not accept a drawing which contains strokes that are located ‘too close’ to a grid line”. However, it is very difficult to define how close is “too close” in this scheme. Users have to draw their input sufficiently far from the grid lines and intersections in order to enter the password correctly. If a user draws a password close to the grid lines or intersections, the scheme cannot distinguish which cell the user is choosing. This limitation requires the cells to be sufficiently large. It also sacrifices the usability of password input, restricts the freedom of choosing a password (or the shapes of drawings), and subsequently reduces the effective password space for this scheme.
In 2006, Hai Tao proposed an improvement of DAS, Pass-Go, in which a user selects (i.e. touches) the intersections of a grid as a way to input a password. [In his master's thesis entitled “Pass-Go, a New Graphical Password Scheme”, University of Ottawa, Canada] Pass-Go provides improvements in usability over DAS and provides a significantly large full password space: the full password space for Pass-Go 9×9 is 1.85×10¹⁵ when the maximum password length is 8.